Waiting For MyDoom's Sunday Punch

A series of MyDoom-inspired denial-of-service attacks will commence this Sunday. Here's the latest analysis of the scope of the problem, how the attacks will proceed and what individuals and businesses can expect during the event.

This Sunday, as American football fans await the Super Bowl broadcast, a slow-motion, digital wave will be building on the Internet, a result of the recent MyDoom worm attack. Following the worm's dissection by security analysts, the world knows a distributed denial-of-service attack is coming, but there's little that can be done to stop it.

Here's how Sunday's distributed denial-of-service attack will proceed: At midnight at the international date line, the Windows computers infected by the MyDoom.A and MyDoom.B worms will begin to send large numbers of Web requests to the Web site of The SCO Group, the Lindon, Utah-based Unix vendor; the wave will begin in the Far East and move westward around the world. Such a large quantity of requests will overwhelm SCO's Web server, making the site unavailable.

From the data gathered by security researchers, the scope of the attack is in question. Individual MyDoom.A victims may or may not be part of this attack.

According to Symantec's research, only 25 percent of infected systems may participate in the attack. And since there appear to be very few MyDoom.B infections remaining in the wild, the number of systems performing the attack looks to be many fewer than had been feared.

Still, at the height of the MyDoom.A infection early in the week, some 1 in every 12 messages was infected, according to New York e-mail security company MessageLabs Inc. The company said that its filters had stopped more than 8 million copies of the worm by Friday.

So if only 25 percent of infected computers launch the expected DDoS attack, that will still be a very large number of machines. Thus it's unlikely that SCO's Web site will stay up and running. The attack is scheduled to continue until February 12.

On February 3, a similar attack will form against Microsoft from computers infected with MyDoom.B. However, major antivirus vendors reported that the infection rate for MyDoom.B was much lower than that of the earlier worm, which is believed to have infected hundreds of thousands of systems.

While it would appear at this point that MyDoom.B is a bust, Ken Dunham, director of malicious code at security intelligence firm iDefense Inc. of Reston, Va., pointed out that MyDoom has a variety of means to update itself, so it's possible that there are more MyDoom.B infections out in the public than can be verified at present.